Privacy Policy

Last updated May 18, 2026

This Privacy Policy explains how CallPico ("we", "us") collects, uses, stores, and protects information about you when you use our iOS, Android, and web applications and related services (collectively, the "Service"). By creating an account or otherwise using the Service, you agree to the practices described below.

Information We Collect

We collect the minimum information needed to operate the Service. Specifically:

  • Account information: your email address, hashed password, display name, preferred language, and timestamps of your acceptance of these terms and the Privacy Policy.
  • Authentication state: short-lived session tokens, always hashed before storage.
  • Your phone lines: the E.164 phone numbers you provision, their country and carrier, supported capabilities (voice, SMS, MMS), and any nickname you set.
  • Communications: message bodies (stored as AES-256-GCM ciphertext with KMS-wrapped keys), call metadata (direction, duration, counterparty number, timestamp), and voicemail audio recordings and their machine-generated transcripts.
  • Contacts: only the contacts you choose to import or sync to your CallPico account.
  • Device and notification data: operating-system version, app version, push-notification tokens, and the IP address used at sign-in (used solely for security and fraud prevention).
  • Payment data: subscription state, plan tier, and a Stripe customer identifier. We do not see or store full credit-card numbers (see below).
  • Support and audit history: copies of messages you send to support, and an append-only audit log of significant account actions (sign-in, sign-out, plan change, number purchase or release, data export, account deletion).

How We Use Your Information

We use the information above to:

  • Provide, maintain, and improve the Service, including routing calls and messages through licensed carriers, generating voicemail transcripts, and presenting unified inboxes.
  • Process payments and prevent fraudulent charges via Stripe, Apple, or Google.
  • Detect, investigate, and prevent abuse, fraud, and violations of our Terms of Service or Acceptable Use Policy.
  • Communicate with you about service updates, security notices, billing events, and (with your consent) product announcements you can unsubscribe from at any time.
  • Comply with applicable laws, lawful subpoenas, and other binding legal processes.

Information We Never Collect

Some categories of data CallPico will never collect, retain, or transmit:

  • Plaintext passwords. Passwords are hashed with Argon2id before they reach our database.
  • Credit-card numbers, CVV codes, or full card details. Stripe, Apple, and Google handle all card data directly.
  • Voice-call audio. CallPico does not record live calls. Only voicemail recordings (which the caller chose to leave) are stored.
  • Microphone or camera input outside of an active call, MMS attachment, or voicemail recording session.
  • Continuous location data, browsing history, or telemetry from outside the app.

How We Protect Your Data

Security is the foundation of CallPico. Our key technical safeguards include:

  • AES-256-GCM encryption at rest for message bodies, voicemail audio, transcripts, and other sensitive fields.
  • Per-account encryption keys wrapped by a master key stored in a managed Key Management Service (KMS); plaintext keys never leave the security boundary.
  • TLS 1.3 for all network traffic between the apps, our APIs, and our infrastructure providers.
  • Argon2id password hashing with a unique per-user salt and high memory-cost parameters.
  • Principle of least privilege: internal access to production data is restricted, audited, and time-bound.
  • Regular third-party penetration testing and a published security disclosure channel at security@callpico.io.

Your Rights

Wherever you live, you have the following rights regarding your CallPico data. To exercise any of them, use the in-app controls or email us at privacy@callpico.io.

  • Access and portability: download a complete JSON export of every row tied to your account, with message bodies decrypted, at any time from Settings > Privacy > Export my data.
  • Erasure: delete your account from within the app. Soft-delete is immediate; permanent deletion runs 30 days later and releases all phone numbers and cancels your subscription.
  • Rectification: update any account or per-resource setting directly in the app.
  • Restriction: sign out to revoke the active session token while keeping your data intact.
  • Objection: opt out of optional product communications via Settings > Notifications.
  • Complaint: lodge a complaint with your local data-protection authority (for example, the European Data Protection Board in the EEA, the ICO in the UK, or the Privacy Protection Authority in Israel).

Data Retention

We retain data only for as long as we need it. Specific retention windows:

  • Active account data: kept while the account is active.
  • Soft-deleted accounts: 30 days, then permanently deleted.
  • Voicemail audio recordings: 90 days, then lifecycle-deleted from object storage.
  • Encrypted message bodies: kept while the account is active; deleted with the account.
  • Backup snapshots: 30 days; included in the deletion timeline above.
  • Revoked authentication sessions: 90 days for fraud investigation, then purged.
  • Audit log: kept indefinitely for security and compliance, but anonymized at the user level once the account is permanently deleted.

Subprocessors

CallPico relies on the following sub-processors to deliver the Service. Each is bound by a Data Processing Agreement and processes only what the Service requires:

  • Twilio, Telnyx, and partner carriers: telephony (voice, SMS, MMS, voicemail).
  • Stripe: subscription billing and card-payment processing.
  • Cloudflare: DDoS protection, CDN, and object storage (R2) for encrypted media.
  • Resend: transactional email (verification, billing receipts, password reset).
  • Sentry: error and crash reporting; PII is redacted before leaving the app.
  • App Store Connect and Google Play Console: for in-app purchases on iOS and Android.

International Data Transfers

CallPico's production infrastructure is hosted in the European Union and the United States, with regional edge nodes for low-latency calling. When data is transferred outside your country of residence, we rely on appropriate legal mechanisms.

For visitors from the EEA, UK, or Switzerland, we use Standard Contractual Clauses (SCCs) with each of our sub-processors. For visitors from Israel, we transfer data in accordance with the Privacy Protection Regulations (Transfer of Data to Foreign Databases), 5761-2001.

Children's Privacy

CallPico is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please email privacy@callpico.io and we will delete the data promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, applicable law, or operational practices. Material changes will be announced in-app and by email at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

Contact Us

Questions, data-subject requests, or concerns about this Privacy Policy can be sent to privacy@callpico.io. We aim to respond within 30 days.